Generally, network security is deployed with two different techniques for purposes of achieving principal authentication and/or for purposes of ensuring secure communications over a network.
A first technique is referred to as authentication by assertion. With authentication by assertion, an entity, which is secure and trusted with a service, asserts an identity of a principal requesting access to the service. The service trusts the entity and therefore accepts the assertion that the principal is who the principal asserts to be and grants access to the service's resources accordingly. An obvious problem with this technique is that if an attacker can feign its identity to the intermediary entity, then access to the service is easily compromised.
The second technique uses keys and encryption to authenticate principals and their communications. This particular technique can include a variety of sub-techniques. For example, public-private key pairs may be used to achieve encrypted communications. In this scenario, a principal has a public key and a private key and a service has a public key and a private key. To communicate, the principal encrypts a message with the principal's private key and the service's public key. The service decrypts the message with the service's private key and the principal's public key. Private keys are generally not communicated over the network and generally reside on specific devices or environments associated with the principals and the services. Conversely, the public keys are readily available over the network and in some cases published over the network. One problem with this technique is that a private key may be acquired by an intruder within a principal's environment, since the private key is physically available there. In many cases, the individual environments of principals are less secure and more easily attacked than enterprise environments that have firewalls, etc. If an intruder gets a private key of a principal then the intruder can pretend to be the principal over the network. Public and private keys are also not very portable, in the sense that usually the private keys are tied to a specific device of a principal, such that if the principal uses a different device to connect to a network, then the private key is not available for use in secure communications.
Another key distribution and encryption technique is referred to as Kerberos. With Kerberos a Key Distribution Center (KDC) distributes encrypted tokens and session keys to principals and services for use in communication with one another. The encryption used is based on a shared secret, such as a password. The session keys if acquired permits messages to be encrypted and decrypted. The token provides a form of added authentication by vouching for the token holder's identity.
One benefit of a Kerberos technique is that a principal does not have to continually logon to different Kerberos enabled services and thereby expose the principal's password or secret over the network unnecessarily, since with Kerberos once an encrypted token (ticket) and session key is acquired these are used to authenticate the principal and to encrypt and decrypt messages.
However with existing Kerberos techniques, the algorithm to generate the encryption and decryption is publicly available and easily acquired. Thus, if an attacker is capable of acquiring a principal's shared secret or password then acquiring the decryption of the encrypted token and the session key is straightforward. Also, to acquire the initial token (referred to as “Ticket Granting Ticket” (TGT) in Kerberos parlance) and the session key, the principal must supply a password.
Furthermore, the tokens and session keys have limited life spans, such that as a principal uses Kerberos, the password is regularly supplied to the KDC. This can create a greater likelihood that an attacker could perform an attack to acquire the password; and acquiring an encrypted session key is relatively easy. Thus, although Kerberos was designed to limit exposure of a password for authentication and secure communications, it still has problems in that the password is still being used regularly by a principal to get initial TGT's and session keys, since these items frequently expire.
Therefore, improved key distribution techniques for encrypted communications are desirable.